CVE-2025-32746 Overview
CVE-2025-32746 affects Dell PowerFlex Manager versions 4.6.2 and earlier. The vulnerability stems from insecure storage of sensitive information [CWE-922] within the management platform. An attacker with local access can retrieve sensitive data from the affected system without prior authentication to the application layer.
Dell published advisories DSA-2025-434 and DSA-2025-435 covering PowerFlex Appliance and PowerFlex Rack deployments. The affected components include Dell PowerFlex Manager, Dell PowerFlex Appliance Intelligent Catalog, and Dell PowerFlex Rack. The flaw allows unauthorized disclosure of confidential information stored by the management platform.
Critical Impact
Local attackers can access sensitive information stored insecurely by PowerFlex Manager, potentially exposing credentials or configuration data used to manage storage infrastructure.
Affected Products
- Dell PowerFlex Manager (versions ≤ 4.6.2)
- Dell PowerFlex Appliance Intelligent Catalog
- Dell PowerFlex Rack
Discovery Timeline
- 2026-05-22 - CVE-2025-32746 published to NVD
- 2026-05-22 - Last updated in NVD database
Technical Details for CVE-2025-32746
Vulnerability Analysis
The vulnerability is classified under [CWE-922] Insecure Storage of Sensitive Information. PowerFlex Manager stores sensitive data in a location that lacks adequate access restrictions. A local actor with low privileges on the host can read this data without any further authentication check.
PowerFlex Manager orchestrates storage, compute, and network resources for PowerFlex hyperconverged infrastructure. Sensitive material handled by the platform typically includes administrative credentials, API tokens, and configuration metadata. Exposure of these artifacts can enable lateral movement within the storage management plane.
The attack requires local access, but no user interaction. The impact is limited to confidentiality, with no direct effect on integrity or availability of the affected component.
Root Cause
The root cause is the placement of sensitive information in storage locations that do not enforce sufficient access controls. This may involve world-readable files, unencrypted configuration databases, or log files containing secrets. The platform fails to apply appropriate file permissions, encryption at rest, or secret management practices for data that should be restricted to privileged service accounts.
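As an added illustration of this root cause (example code, not from Dell or the advisory), the following Python check walks a data directory and flags the storage weaknesses named above: directories listable by everyone, regular files readable by group or others, and files whose contents carry clear-text credential markers. The directory layout, file names, contents and the credential regex are all constructed for the demonstration; on a real node you would point audit_tree() at the paths the auditctl rules later on this page watch.

```python
import os
import re
import stat
import tempfile
# Clear-text credential markers; an assumed heuristic, not a Dell-defined list.
SECRET_RE = re.compile(r"(?i)(password|passwd|secret|api[_-]?token|private[_-]?key)\s*[:=]")

def audit_tree(root, max_read=4096):
    """Report directories listable by everyone, regular files readable by group
    or others, and files whose first bytes look like clear-text credentials."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            issues = []
            if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IROTH:
                issues.append("world-listable directory")
            elif stat.S_ISREG(st.st_mode):
                if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                    issues.append("group/other readable")
                with open(path, "rb") as fh:
                    head = fh.read(max_read).decode("utf-8", "replace")
                if SECRET_RE.search(head):
                    issues.append("clear-text credential pattern")
            if issues:
                findings.append({"path": os.path.relpath(path, root),
                                 "mode": oct(stat.S_IMODE(st.st_mode)), "issues": issues})
    return sorted(findings, key=lambda f: f["path"])

def _write(path, text, mode):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)

def build_sample_tree():
    """Constructed stand-in for a PowerFlex Manager data directory; layout, file
    names and contents are invented for this demonstration, not the vendor's."""
    root = tempfile.mkdtemp(prefix="pfmp-audit-")
    for sub, mode in (("config", 0o750), ("logs", 0o755)):
        os.mkdir(os.path.join(root, sub))
        os.chmod(os.path.join(root, sub), mode)
    _write(os.path.join(root, "config", "secrets.yml"), "admin_password: PLACEHOLDER\n", 0o644)
    _write(os.path.join(root, "config", "pfmp.conf"), "log_level = info\n", 0o600)
    _write(os.path.join(root, "logs", "install.log"), "api_token=PLACEHOLDER\n", 0o640)
    return root

if __name__ == "__main__":
    for f in audit_tree(build_sample_tree()):
        print(f["mode"], f["path"], "; ".join(f["issues"]))
```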
Attack Vector
Exploitation requires the attacker to already possess local access to a system running an affected PowerFlex Manager component. From this position, the attacker enumerates filesystem paths, configuration stores, or process memory used by PowerFlex Manager. The attacker reads the exposed sensitive information directly, bypassing any application-level authentication. No exploit code is publicly available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Detection Methods for CVE-2025-32746
Indicators of Compromise
- Unexpected file reads against PowerFlex Manager configuration directories or databases by non-service accounts
- Local shell sessions on PowerFlex management nodes outside scheduled administrative windows
- Access to log or backup files containing credential strings or API tokens by unprivileged users
Detection Strategies
- Audit filesystem access on PowerFlex Manager hosts for reads against sensitive configuration paths
- Monitor process execution chains spawning shells, archive utilities, or text readers under the PowerFlex service context
- Correlate local authentication events with subsequent file access patterns on management appliances
Monitoring Recommendations
- Enable Linux auditd or equivalent OS-level auditing on PowerFlex Manager nodes targeting configuration directories
- Forward host telemetry from management appliances to a centralized SIEM for behavioral correlation
- Review privileged account activity on PowerFlex hosts daily, with focus on credential and configuration access
How to Mitigate CVE-2025-32746
Immediate Actions Required
- Inventory all PowerFlex Manager, PowerFlex Appliance Intelligent Catalog, and PowerFlex Rack instances and confirm running versions
- Apply Dell remediation guidance from DSA-2025-434 and DSA-2025-435 as soon as maintenance windows permit
- Restrict local and console access to PowerFlex management nodes to a minimal set of authorized administrators
- Rotate credentials, API tokens, and certificates that may have been stored on affected systems prior to remediation
Patch Information
Dell has issued security updates for the affected components. Review and apply the fixes described in Dell Security Update DSA-2025-434 for PowerFlex Appliance and Dell Security Update DSA-2025-435 for PowerFlex Rack. Upgrade PowerFlex Manager to a version above 4.6.2 per vendor guidance.
Workarounds
- Limit local user accounts on PowerFlex Manager hosts to a strict allow-list and disable unused accounts
- Enforce multi-factor authentication on jump hosts and bastion systems used to reach PowerFlex management interfaces
- Apply stricter file permissions on PowerFlex configuration directories where vendor guidance permits
- Segment PowerFlex management networks from general-purpose user and workload networks
# Configuration example - audit sensitive PowerFlex paths on Linux management nodes
# Watch the PowerFlex Manager tree for read, write, execute and attribute-change events
auditctl -w /opt/dell/pfmp/ -p rwxa -k powerflex_access
# Watch the Dell configuration directory under its own key so the two can be triaged separately
auditctl -w /etc/dell/ -p rwxa -k powerflex_config
# Review today's events recorded under the first key (repeat with -k powerflex_config for the second)
ausearch -k powerflex_access --start today
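The records these rules produce can be triaged automatically. The following Python script is an added example, not Dell tooling and not part of the original advisory: it joins the SYSCALL and PATH records that share one audit serial and reports every access under the two audit keys that did not come from the PowerFlex service account, which is the "reads by non-service accounts" indicator from the Detection section above. The sample records, the service uid 990, the user ids, commands and file names are constructed.

```python
import re

# Constructed sample in raw auditd format (audit.log / `ausearch --raw`), not records
# captured from a real PowerFlex Manager host. Audit keys and paths follow the auditctl
# rules on this page; uids, pids and command names are assumptions.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1716364800.101:4521): arch=c000003e syscall=257 success=yes exit=3 ppid=2210 pid=2233 auid=1001 uid=1001 euid=1001 tty=pts0 comm="cat" exe="/usr/bin/cat" key="powerflex_access"
type=PATH msg=audit(1716364800.101:4521): item=0 name="/opt/dell/pfmp/config/secrets.yml" mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1716364800.202:4522): arch=c000003e syscall=257 success=yes exit=5 ppid=1 pid=1820 auid=4294967295 uid=990 euid=990 tty=(none) comm="pfmp-svc" exe="/opt/dell/pfmp/bin/pfmp-svc" key="powerflex_access"
type=PATH msg=audit(1716364800.202:4522): item=0 name="/opt/dell/pfmp/config/secrets.yml" mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1716364800.303:4523): arch=c000003e syscall=257 success=yes exit=3 ppid=2210 pid=2240 auid=1001 uid=1001 euid=1001 tty=pts0 comm="tar" exe="/usr/bin/tar" key="powerflex_config"
type=PATH msg=audit(1716364800.303:4523): item=0 name="/etc/dell/pfmp.conf" mode=0100640 ouid=0 ogid=0
type=SYSCALL msg=audit(1716364800.404:4524): arch=c000003e syscall=257 success=no exit=-13 ppid=2210 pid=2251 auid=1002 uid=1002 euid=1002 tty=pts1 comm="less" exe="/usr/bin/less" key="powerflex_access"
type=PATH msg=audit(1716364800.404:4524): item=0 name="/opt/dell/pfmp/db/pfmp.sqlite" mode=0100600 ouid=990 ogid=990
"""

EVENT_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")   # timestamp:serial
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')             # key=value or key="value"
WATCH_KEYS = {"powerflex_access", "powerflex_config"}    # -k names from the auditctl rules
SERVICE_UIDS = {"990"}  # uid of the PowerFlex service account expected to read these paths (assumed)

def parse_fields(line):
    """Split one audit record into a dict; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def group_events(raw):
    """Join the SYSCALL and PATH records that share one audit serial into one event."""
    events = {}
    for line in raw.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        fields, ev = parse_fields(line), events.setdefault(m.group(2), {"paths": []})
        if fields.get("type") == "SYSCALL":
            ev.update({k: fields.get(k) for k in ("uid", "comm", "exe", "key", "success")})
        elif fields.get("type") == "PATH" and "name" in fields:
            ev["paths"].append(fields["name"])
    return events

def find_suspicious_access(raw, service_uids=SERVICE_UIDS):
    """Report every watched-path access not made by the service account. Denied attempts
    (success=no) are kept: EACCES on configuration paths from a shell is itself a signal."""
    alerts = []
    for serial, ev in sorted(group_events(raw).items()):
        if ev.get("key") not in WATCH_KEYS or ev.get("uid") in service_uids:
            continue
        alerts.append({"serial": serial, "uid": ev["uid"], "comm": ev["comm"],
                       "outcome": "read" if ev["success"] == "yes" else "denied",
                       "paths": ev["paths"]})
    return alerts
```

Feed it `ausearch -k powerflex_access --raw` or `ausearch -k powerflex_config --raw` output in place of the sample and extend SERVICE_UIDS with the account ids the vendor documents for your deployment.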
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.